﻿<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

	<head>
		<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
		<title>ASP.NET Web API Controllers</title>
		<link type="text/css" rel="stylesheet" href="bootstrap.min.css" />
	</head>

	<body>

		<div class="document-contents">

			<h3>Introduction</h3>
			<p>ASP.NET Boilerplate is integrated to <strong>ASP.NET Web API Controllers</strong> via <strong>
Abp.Web.Api</strong> nuget package. You can create regular ASP.NET Web API Controllers as 
you always do. <a href="/Pages/Documents/Dependency-Injection">Dependency Injection</a> properly works for regular 
ApiControllers. But you should derive your controllers from <strong>
	AbpApiController</strong>, which provides several benefits 
	and better integrates to ASP.NET Boilerplate.</p>
			<h3>AbpApiController Base Class</h3>
			<p>This is a simple api controller derived from <strong>AbpApiController</strong>:</p>
			<pre lang="cs">public class UsersController : <strong>AbpApiController</strong>
{

}</pre>
			<h4>Localization</h4>
			<p>AbpApiController defines <strong>L</strong> method to make
				<a href="/Pages/Documents/Localization">localization</a> easier. Example:</p>
			<pre lang="cs">public class UsersController : <strong>AbpApiController</strong>
{
    public UsersController()
    {
        <strong>LocalizationSourceName = &quot;MySourceName&quot;;</strong>
    }

    public UserDto Get(long id)
    {
        var helloWorldText = <strong>L(&quot;HelloWorld&quot;)</strong>;

        //...
    }
}</pre>
			<p>You should set <strong>LocalizationSourceName</strong> to make <strong>L</strong> method 
	working. You can set it in your own base api controller class, to not repeat for 
	each api controller.</p>

		<div class="document-contents">

			<h4>Others</h4>
			<p>You can also use pre-injected <a href="/Pages/Documents/Abp-Session">AbpSession</a>, 
				<a href="/Pages/Documents/EventBus-Domain-Events">EventBus</a>, 
				<a href="/Pages/Documents/Authorization">PermissionManager, PermissionChecker</a>, 
				<a href="/Pages/Documents/Setting-Management">SettingManager</a>, 
				<a href="/Pages/Documents/Feature-Management">FeatureManager, FeatureChecker</a>, 
				<a href="/Pages/Documents/Localization">LocalizationManager</a>, 
				<a href="/Pages/Documents/Logging">Logger</a>, 
				<a href="/Pages/Documents/Unit-Of-Work">CurrentUnitOfWork</a> base 
	properties and more.</p>

		</div>
			<h3>Filters</h3>
			<p>ABP defines some <strong>pre-built filters</strong> for AspNet 
			Web API. All 
	of them are added to <strong>all actions of all controllers</strong> by 
	default.</p>
			<h4>Audit Logging</h4>
			<strong>AbpApiAuditFilter</strong> is used to integrate to
	<a href="Audit-Logging.html">audit logging system</a>. It logs all requests 
	to all actions by default (if auditing is not disabled). You can control audit logging using <strong>Audited</strong> and <strong>
	DisableAuditing</strong> attributes for actions and controllers.<h4>Authorization</h4>
			<p>You can use <strong>AbpApiAuthorize</strong> attribute for your 
	api controllers or actions to prevent unauthorized users to use your controllers 
	and actions. Example:</p>
			<pre lang="cs">public class UsersController : AbpApiController
{
    <strong>[AbpApiAuthorize(&quot;MyPermissionName&quot;)]</strong>
    public UserDto Get(long id)
    {
        //...
    }
}</pre>
			<p>You can define <strong>AllowAnonymous</strong> attribute for actions or controllers to suppress 
		authentication/authorization. AbpApiController also defines <strong>IsGranted</strong> method as a 
	shortcut to check permissions in the code.</p>
			<p>See <a href="/Pages/Documents/Authorization">authorization</a> 
	documentation for more.&nbsp;</p>
			<h4>Anti Forgery Filter</h4>
			<p><strong>AbpAntiForgeryApiFilter</strong> is used to auto protect 
			ASP.NET Web API actions (including <a href="Dynamic-Web-API.html">
			dynamic web api</a>) for POST, PUT and DELETE requests from 
			CSRF/XSRF attacks. See <a href="XSRF-CSRF-Protection.html">CSRF 
			documentation</a> for more.&nbsp;</p>
			<h4>Unit Of Work</h4>
	<p><strong>AbpApiUowFilter</strong> is used to integrate to
	<a href="Unit-Of-Work.html">Unit of Work</a> system. It automatically begins 
	a new unit of work before an action execution and completes unit of work 
	after action exucition (if no exception is thrown).</p>
	<p>You can use <strong>UnitOfWork</strong> attribute to control behaviour of 
	UOW for an action. You can also use startup configuration to change default 
	unit of work attribute for all actions.</p>
			<h4>Result Wrapping &amp; Exception Handling</h4>
<p>ASP.NET Boilerplate <strong>does not wrap</strong> Web API actions <strong>by 
default</strong> if action has successfully executed. But 
it <strong>handles and wraps for exceptions</strong>. You can add 
WrapResult/DontWrapResult to actions and controllers if you need.&nbsp;You can change this default behaviour from
<a href="Startup-Configuration.html">startup configuration</a> (using 
Configuration.Modules.AbpWebApi()...). See <a href="Javascript-API/AJAX.html">
AJAX document</a> for more about result wrapping.&nbsp;</p>
			<h4>Result Caching</h4>
			<p>ASP.NET Boilerplate adds Cache-Control header (no-cache, 
			no-store) to the response for Web API requests. Thus, it prevents 
			browser caching of responses even for GET requests. This behaviour 
			can be disabled by the configuration.</p>
			<h4>Validation</h4>
			<p><strong>AbpApiValidationFilter</strong> automatically checks <strong>
			ModelState.IsValid</strong> and prevents execution of the action if 
			it's not valid. Also, implements input DTO validation described in 
			the <a href="Validating-Data-Transfer-Objects.html">validation 
			documentation</a>.</p>
		<h3>Model Binders</h3>
		<p><strong>AbpApiDateTimeBinder</strong> is used to normalize DateTime 
	(and Nullable&lt;DateTime&gt;) inputs using <strong>Clock.Normalize</strong> 
	method.</p>

		</div>

	</body>

</html>
